Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-7309 | 6.5 |
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
|
04-01-2021 - 18:20 | 22-09-2015 - 15:59 | |
CVE-2015-2509 | 9.3 |
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."
|
15-05-2019 - 18:40 | 09-09-2015 - 00:59 | |
CVE-2015-2527 | 7.2 |
The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which a
|
14-05-2019 - 20:48 | 09-09-2015 - 00:59 | |
CVE-2015-2508 | 7.2 |
The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability."
|
12-10-2018 - 22:09 | 09-09-2015 - 00:59 | |
CVE-2015-6973 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2
|
09-10-2018 - 19:57 | 16-09-2015 - 19:59 | |
CVE-2007-2497 | 7.8 |
RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct.
|
11-10-2017 - 01:32 | 04-05-2007 - 00:19 | |
CVE-2015-7707 | 6.5 |
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
|
01-07-2017 - 01:29 | 05-10-2015 - 15:59 | |
CVE-2015-6972 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName par
|
01-07-2017 - 01:29 | 16-09-2015 - 19:59 |